Resubmissions

14/03/2023, 10:13

230314-l9a7eagg8z 8

14/03/2023, 10:11

230314-l75cgaeg64 10

Analysis

  • max time kernel
    117s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/03/2023, 10:13

General

  • Target

    Scan 2023.14.03_1101.doc

  • Size

    505.3MB

  • MD5

    b4c2209c6345ef88683247df6b90b3bc

  • SHA1

    4b17921aba075e4f2cf39cca0c355d4b51c4f45a

  • SHA256

    8276a5004242be36847f414af565eabd8726fa4746cc1cac9764f4e77ec6818e

  • SHA512

    2ee1b02c381e4d3e7b712daae1fb3c4ccd834ba7c702eddd985df9d5a76faa22663b4ca8afba241a7c81d4bed94cfaa09d18c4f824de6de91294ea1dd2bae11b

  • SSDEEP

    6144:1620tqUx3Xu+7ZkRIDNGi9a0Va5UAClo:1620tqm3+I2ezcz5U3lo
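Before relying on the verdict above, confirm that the file you hold is the one the report describes. The following is an added example, not part of the report or of the sandbox's tooling: it hashes a file in a single pass with the four algorithms listed above (the sample is 505.3 MB, so one pass rather than four separate reads matters) and reports which digests differ from the report's values. The expected hashes are copied from the report; everything else is illustrative code. SSDEEP is left out because it needs a third-party library.

```python
import hashlib
import io
import sys

# Digest values exactly as listed in the report for "Scan 2023.14.03_1101.doc".
REPORT_HASHES = {
    "md5": "b4c2209c6345ef88683247df6b90b3bc",
    "sha1": "4b17921aba075e4f2cf39cca0c355d4b51c4f45a",
    "sha256": "8276a5004242be36847f414af565eabd8726fa4746cc1cac9764f4e77ec6818e",
    "sha512": "2ee1b02c381e4d3e7b712daae1fb3c4ccd834ba7c702eddd985df9d5a76faa22"
              "663b4ca8afba241a7c81d4bed94cfaa09d18c4f824de6de91294ea1dd2bae11b",
}
ALGOS = tuple(REPORT_HASHES)


def digests_of_stream(fobj, chunk_size=1 << 20):
    """Compute all four digests in one pass over a binary file-like object.

    Reading in 1 MiB chunks keeps memory flat regardless of sample size,
    and feeding every hasher from the same chunk avoids re-reading the file.
    """
    hashers = {name: hashlib.new(name) for name in ALGOS}
    while True:
        chunk = fobj.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_bytes(data, chunk_size=1 << 20):
    """Convenience wrapper for in-memory data (used for testing)."""
    return digests_of_stream(io.BytesIO(data), chunk_size)


def mismatches(actual, expected):
    """Names of algorithms whose digest differs; [] means the sample matches."""
    return sorted(name for name in expected
                  if actual.get(name, "").lower() != expected[name].lower())


def verify_file(path, expected=REPORT_HASHES):
    """Hash a file on disk and return the list of mismatching algorithms."""
    with open(path, "rb") as f:
        return mismatches(digests_of_stream(f), expected)


if __name__ == "__main__":
    bad = verify_file(sys.argv[1])
    print("MATCH: file is the reported sample" if not bad
          else "MISMATCH on: " + ", ".join(bad))
```

Run it as `python verify_sample.py "Scan 2023.14.03_1101.doc"`. A mismatch on every algorithm means a different file; a mismatch on only some would indicate a transcription error in the report rather than a different sample, since the four functions are independent.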

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Script User-Agent 7 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
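The signatures above are labels the sandbox attaches to individual events in the process trace. The following is an added example, not the sandbox's own rules or output, showing how those labels map to raw telemetry. It classifies a constructed, vendor-neutral API/registry trace whose PIDs and WerFault command lines are taken from the process tree below; the registry paths (HARDWARE\DESCRIPTION\System\CentralProcessor and its parent key), the user-agent fragments, and the event field names are assumptions, since the report does not show the underlying IoCs.

```python
import re
from collections import defaultdict

# Constructed trace in a simplified format (not an export from any real
# sandbox). PIDs and WerFault command lines follow the report's process tree;
# registry paths and the user-agent string are assumed for illustration.
TRACE = [
    {"pid": 984, "op": "RegQueryValue",
     "path": r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString"},
    {"pid": 984, "op": "RegQueryValue",
     "path": r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier"},
    {"pid": 984, "op": "RegQueryValue",
     "path": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"pid": 984, "op": "ApiCall", "api": "AddClipboardFormatListener"},
    {"pid": 984, "op": "ApiCall", "api": "SetWindowsHookExW"},
    {"pid": 984, "op": "HttpRequest",
     "user_agent": "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"},
    {"pid": 4796, "op": "ProcessCreate",
     "image": r"C:\Windows\system32\WerFault.exe",
     "cmdline": r"C:\Windows\system32\WerFault.exe -pss -s 436 -p 1596 -ip 1596"},
    {"pid": 3928, "op": "ProcessCreate",
     "image": r"C:\Windows\system32\WerFault.exe",
     "cmdline": r"C:\Windows\system32\WerFault.exe -u -p 1596 -s 1468"},
]

# Assumed registry locations; the report does not list the values read.
CPU_KEY = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\", re.I)
SYSINFO_KEY = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\", re.I)
# Assumed user-agent fragments associated with script hosts / WinHTTP automation.
SCRIPT_UA = re.compile(r"WinHttp\.WinHttpRequest|MSXML|PowerShell|WScript", re.I)
# WerFault.exe is started with "-p <pid>" naming the process that faulted.
WERFAULT_PID = re.compile(r"WerFault\.exe.*?\s-p\s+(\d+)", re.I)
HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW"}


def classify(trace):
    """Return {pid: set of signature names} for events that match a rule."""
    hits = defaultdict(set)
    for ev in trace:
        pid, op = ev["pid"], ev["op"]
        if op == "RegQueryValue":
            # CentralProcessor is checked first because it also matches SYSINFO_KEY.
            if CPU_KEY.search(ev["path"]):
                hits[pid].add("Checks processor information in registry")
            elif SYSINFO_KEY.search(ev["path"]):
                hits[pid].add("Enumerates system info in registry")
        elif op == "ApiCall":
            if ev["api"] == "AddClipboardFormatListener":
                hits[pid].add("Suspicious behavior: AddClipboardFormatListener")
            elif ev["api"] in HOOK_APIS:
                hits[pid].add("Suspicious use of SetWindowsHookEx")
        elif op == "HttpRequest" and SCRIPT_UA.search(ev.get("user_agent", "")):
            hits[pid].add("Script User-Agent")
        elif op == "ProcessCreate":
            m = WERFAULT_PID.search(ev.get("cmdline", ""))
            if m:
                hits[pid].add(f"Program crash (faulting PID {m.group(1)})")
    return dict(hits)


def crashed_pids(trace):
    """PIDs that WerFault.exe was launched for, i.e. the processes that crashed."""
    out = set()
    for ev in trace:
        if ev["op"] == "ProcessCreate":
            m = WERFAULT_PID.search(ev.get("cmdline", ""))
            if m:
                out.add(int(m.group(1)))
    return out


if __name__ == "__main__":
    for pid, sigs in sorted(classify(TRACE).items()):
        print(pid, sorted(sigs))
    print("crashed:", sorted(crashed_pids(TRACE)))
```

Note that the crash attribution comes from WerFault's `-p` argument, not from the PID of WerFault itself: in the process tree below both WerFault instances name PID 1596, a process that is not otherwise shown in the tree.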

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Scan 2023.14.03_1101.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:984
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 436 -p 1596 -ip 1596
    1⤵
      PID:4796
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1596 -s 1468
      1⤵
      • Program crash
      PID:3928

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/984-133-0x00007FFC1CAF0000-0x00007FFC1CB00000-memory.dmp (64KB)
  • memory/984-134-0x00007FFC1CAF0000-0x00007FFC1CB00000-memory.dmp (64KB)
  • memory/984-135-0x00007FFC1CAF0000-0x00007FFC1CB00000-memory.dmp (64KB)
  • memory/984-136-0x00007FFC1CAF0000-0x00007FFC1CB00000-memory.dmp (64KB)
  • memory/984-137-0x00007FFC1CAF0000-0x00007FFC1CB00000-memory.dmp (64KB)
  • memory/984-138-0x00007FFC1A190000-0x00007FFC1A1A0000-memory.dmp (64KB)
  • memory/984-139-0x00007FFC1A190000-0x00007FFC1A1A0000-memory.dmp (64KB)